chore: add support for configurable admin domain #284

Merged Dec 13, 2024 (4 commits)

@mjnagel mjnagel commented Dec 12, 2024

Description

Modifies the trusted hosts policy to match "*.${UDS_ADMIN_DOMAIN}" instead of "*.admin.${UDS_DOMAIN}". Note that *.${UDS_DOMAIN} will also match *.admin.${UDS_DOMAIN} due to how Keycloak interprets these. In some cases both list items may be identical, but Keycloak allows this without issue.

This should wait on the related PR in uds-core: defenseunicorns/uds-core#1114

Related Issue

N/A

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Other (security config, docs update, etc)

Checklist before merging
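The matching behaviour the description above relies on, as an added example that is not part of this PR or the project's code: a small Python model in which a `*.d` entry trusts any host under `d`, as the description states for Keycloak. The shape of the entry list, the `admin.<domain>` default and all hostnames are assumptions constructed for illustration.

```python
from string import Template

# Assumed shape of the wildcard entries in the trusted hosts policy; only the
# "*.${UDS_ADMIN_DOMAIN}" and "*.admin.${UDS_DOMAIN}" patterns come from the PR.
OLD_ENTRIES = ("*.${UDS_DOMAIN}", "*.admin.${UDS_DOMAIN}")
NEW_ENTRIES = ("*.${UDS_DOMAIN}", "*.${UDS_ADMIN_DOMAIN}")


def render(entries, domain, admin_domain=None):
    """Substitute the variables; admin domain defaults to admin.<domain> (assumption)."""
    env = {"UDS_DOMAIN": domain,
           "UDS_ADMIN_DOMAIN": admin_domain or f"admin.{domain}"}
    return [Template(e).substitute(env) for e in entries]


def host_trusted(host, rendered):
    """Model: '*.d' trusts every host below d (suffix match on a label boundary)."""
    host = host.lower().rstrip(".")
    for entry in (e.lower() for e in rendered):
        if entry.startswith("*."):
            if host.endswith(entry[1:]):  # entry[1:] is ".d"
                return True
        elif host == entry:
            return True
    return False


def redundant(rendered):
    """Entries that are exact repeats or already covered by another wildcard."""
    out = []
    for i, e in enumerate(rendered):
        base = e[2:] if e.startswith("*.") else e
        others = [o for j, o in enumerate(rendered) if j != i and o != e]
        if e in rendered[:i] or host_trusted(base, others):
            out.append(e)
    return out


if __name__ == "__main__":
    # Constructed deployment: admin services on an entirely different domain.
    host = "keycloak.mgmt.example"
    for name, entries in (("old", OLD_ENTRIES), ("new", NEW_ENTRIES)):
        policy = render(entries, "apps.example", "mgmt.example")
        print(name, policy, "trusted" if host_trusted(host, policy) else "rejected")
```

With the old pattern a host on a separate admin domain is rejected, and with the default `admin.<domain>` layout the second entry is redundant rather than harmful, which matches the note that identical or overlapping list items are accepted.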

@mjnagel mjnagel marked this pull request as ready for review December 13, 2024 03:54
@mjnagel mjnagel requested a review from a team as a code owner December 13, 2024 03:54
UnicornChance previously approved these changes Dec 13, 2024

@UnicornChance UnicornChance left a comment

lgtm

src/realm.json (review thread resolved)
@mjnagel mjnagel merged commit 03f8561 into main Dec 13, 2024
10 checks passed
mjnagel added a commit to defenseunicorns/uds-core that referenced this pull request Dec 16, 2024
## Description

Allows more flexibility in deployment by exposing a new zarf var for
`ADMIN_DOMAIN`.

Note that an entirely different domain will require this change in
Keycloak:
defenseunicorns/uds-identity-config#284

## Related Issue

N/A

## Type of change

- [ ] Bug fix (non-breaking change which fixes an issue)
- [x] New feature (non-breaking change which adds functionality)
- [x] Other (security config, docs update, etc)

## Steps to Validate

Testing can be done by exporting `UDS_ADMIN_DOMAIN=uds.dev`. With these
changes you should be able to see all virtualservices and gateways use
`uds.dev`. Applications will not immediately be accessible due to
uds-k3d's nginx config routing them to the wrong gateway (plus the wrong
certs used for the admin interfaces). You can also test with a different
domain entirely but this requires similar setup.

## Checklist before merging

- [x] Test, docs, adr added or updated as needed
- [x] [Contributor
Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md)
followed

---------

Co-authored-by: Chance <[email protected]>